As individuals and businesses conduct an ever-increasing amount of activity on and over computer systems and the internet it becomes more difficult to protect the computer systems. The computer systems include proprietary and non-proprietary computer networks, and often store, archive, and transmit all types of sensitive information.
One common solution for securing computer systems is to provide login and password functionality. Passwords provide little security in that they are generally susceptible to inappropriate access, through either brute-force attacks or through phishing. Phishing is the sending of electronic communication that claims to be from some web-site in order to trick the recipient into revealing information for use in having the user reveal information such as his username and password. The user is often directed to a web-site that looks like the actual web-site in question and may silently redirect the user to the real web site after collecting their username and password or use a man-in-the-middle server.
Another solution for securing computer systems is to provide challenge questions from a knowledge-based authentication system. During a user login, the knowledge-based authentication system can query the user as to the type of car he or she owns. This information could have been provided by the user or further provided by public records such as stored by the Division of Motor Vehicles of many states. Other, questions based on public records, such as what city or state the user was the born, locations the user or relatives/associates of the user have lived in are also used.
A correct response to a challenge question allows the user access to a web-site or other data source that the user has an account with. An incorrect response has the system refrain from authenticating the user or present the user with yet another challenge question.